CVE-2021-33733
CVE-2021-33733
In short
A flaw in SINEC NMS allows an authenticated attacker with elevated privileges to run arbitrary commands on the local database through specially crafted web requests. This could lead to complete compromise of the database and sensitive data theft.
Technical detail
SQL injection vulnerability in SINEC NMS webserver allows authenticated privileged users to execute arbitrary SQL commands against the local database via crafted HTTP requests. Impact includes unauthorized data access, modification, and potential system compromise; affects all versions prior to V1.0 SP2 Update 1.
Summary generated and translated by AI from the official description.
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.
Affected products
Siemens · SINEC NMSWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →